CVE-2022-40182

Name of the Vulnerable Software and Affected Versions Desigo PXM30-1 versions prior to V02.20.126.11-41 Desigo PXM30.E versions prior to V02.20.126.11-41 Desigo PXM40-1 versions prior to V02.20.126.11-41 Desigo PXM40.E versions prior to V02.20.126.11-41 Desigo PXM50-1 versions prior to V02.20.126.11-41 Desigo PXM50.E versions prior to V02.20.126.11-41 PXG3.W100-1 versions prior to V02.20.126.11-37 PXG3.W100-2 versions prior to V02.20.126.11-41 PXG3.W200-1 versions prior to V02.20.126.11-37 PXG3.W200-2 versions prior to V02.20.126.11-41

Description A vulnerability has been identified in the device embedded Chromium-based browser, which is launched as root with the "--no-sandbox" option. Attackers can add arbitrary JavaScript code inside "Operation" graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser.

Recommendations For Desigo PXM30-1 versions prior to V02.20.126.11-41, update to V02.20.126.11-41 or later. For Desigo PXM30.E versions prior to V02.20.126.11-41, update to V02.20.126.11-41 or later. For Desigo PXM40-1 versions prior to V02.20.126.11-41, update to V02.20.126.11-41 or later. For Desigo PXM40.E versions prior to V02.20.126.11-41, update to V02.20.126.11-41 or later. For Desigo PXM50-1 versions prior to V02.20.126.11-41, update to V02.20.126.11-41 or later. For Desigo PXM50.E versions prior to V02.20.126.11-41, update to V02.20.126.11-41 or later. For PXG3.W100-1 versions prior to V02.20.126.11-37, update to V02.20.126.11-37 or later. For PXG3.W100-2 versions prior to V02.20.126.11-41, update to V02.20.126.11-41 or later. For PXG3.W200-1 versions prior to V02.20.126.11-37, update to V02.20.126.11-37 or later. For PXG3.W200-2 versions prior to V02.20.126.11-41, update to V02.20.126.11-41 or later.